Fortinet FortiOS < 5.2 / 5.4.x < 5.4.6 / 5.6.x < 5.6.1 SSL / TLS Renegotiation Handshakes MitM Plaintext Data Injection (FG-IR-17-137)
Medium Nessus Plugin ID 104656
Synopsis
The remote host is affected by a MITM vulnerability.

Description
The version of Fortinet FortiOS running on the remote device is 5.2.x or prior, 5.4.x prior to 5.4.6, or 5.6.x prior to 5.6.1. It is, therefore, affected by a MITM vulnerability in SSL Deep-Inspection due to insecure TLS renegotiation.

Solution
Upgrade to Fortinet FortiOS version 5.4.6 / 5.6.1 or later.